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REMARKS 

The Examiner has rejected Claim 42 under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. More specifically, with 
respect to applicant's claimed technique "wherein the schedule is requested by the 
visitor," the Examiner has argued that he is "unable to find support for this limitation in 
[the] original disclosure." 

Applicant respectfully disagrees and respectfully directs the Examiner's attention 
to Page 15, lines 7-10, which discloses that "the scanning engine is invoked for each 
device the customer service 102 has registered in the customer information database 304 
according the schedule requested for that device" and that "[i]n one example, customers 
are offered five possible queue times to schedule scans of their service 1 02" (emphasis 
added). Of course, the above citations are merely examples of the above claim language 
and should not be construed as limiting in any manner. 

The Examiner has rejected Claims 1, 2, 9, 21, 27-30, 35, 38-39, and 41-45 under 
35 U.S.C. 103(a) as being unpatentable over Khaishgi et al. (U.S. Patent No. 6,658,394), 
in view of Guirguis ("Network- and Host-Based Vulnerability Assessments: An 
Introduction to a Cost Effective and Easy to Use Strategy"), further in view of Tiso 
("Automated Security Scanning"), and further in view of Bunker, V et al. (U.S. Patent 
Publication No. 2003/0028803). Additionally, the Examiner has rejected Claim 34 under 
35 U.S.C. 103(a) as being unpatentable over Khaishgi, in view of Guirguis, in view of 
Tiso, in view of Bunker, V, and further in view of "Nessus Scan Report" 
(http://web.archive.org/web/20001 2 1 723 1600/www.nessus.org/demo/report.txt). 
Further, the Examiner has rejected Claims 36-37 under 35 U.S.C. 103(a) as being 
unpatentable over Khaishgi, in view of Guirguis, in view of Tiso, in view of Bunker, V, 
and further in view of Blyth ("An XML-based architecture to perform data integration 
and data unification in vulnerability assessments"). Applicant respectfully disagrees with 
such rejections, especially in view of the amendments made hereinabove to the 
independent claims. Specifically, applicant has amended the independent claims to 
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incorporate, in part, the subject matter of Claim 34, and to at least substantially 
incorporate the subject matter of Claim 36. 

With respect to the independent claims, the Examiner has relied on Page 2, 
second paragraph, and Page 6, Section 3.14 from the Guirguis reference to make a prior 
art showing of applicant's claimed technique "wherein the scanning produces a set of 
XML files including information about open ports, available service, network protocols, 
security exposures and vulnerabilities, the information associated with a device providing 
the on-line service" (see this or similar, but not necessarily identical language in the 
independent claims - as amended). 

Applicant respectfully notes that the above excerpts relied on by the Examiner 
merely disclose that "professionals can use both network- and host-based vulnerability 
assessments (VSs) to obtain a complete evaluation of the security risks of the system(s) 
under investigation " where vulnerability assessments "point out which systems are 
noncompliant with the company security policies" in addition to "locating] which 
systems are vulnerable :., identifying] what services/components are vulnerable , and... 
suggesting] the best method for repairing the vulnerabilities (i.e. - it recommends which 
patch or software version should be used/applied)" (Page 2, second paragraph - emphasis 
added). 

Additionally, the excerpts disclose that "Nessus network VA reports. . . provide a 
complete overview of the target system's vulnerabilities " and "include a list of open ports 
detected , services associated with these ports , and vulnerabilities associated with these 
services along with suggested fixes with related CVE identifications and BID 
identifications," in addition to disclosing that "[e]ach problem detected by Nessus is 
categorized into one of four severity levels," where "Nessus categorizes high severity 
problems as security holes, while medium/low severity problems as warnings and finally 
informational problems as open ports" (Section 3. 1 .4, first paragraph - emphasis added). 
Further, the excerpts disclose that "[t]he assessment results can either be exported into 
different formats such as NSR, Extended NSR, SQL command File, CSV, ASCII text 
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HTML, XML, and Adobe PDF files, or stored in a central MySQL database" (Section 
3. 1 .4, second paragraph). 

However, merely evaluating security risks of a system by identifying 
noncompliant systems and vulnerable services or components, where vulnerability 
assessment reports provide an overview of a system's vulnerabilities and include detected 
open ports, services associated with the ports, and vulnerabilities associated with the 
services, as in Guirguis, fails to disclose a technique "wherein the scanning produces a set 
of XML files including information about open ports, available service, network 
protocols , security exposures and vulnerabilities , the information associated with a device 
providing the on-line service " (emphasis added), as claimed by applicant. Merely 
disclosing a vulnerability assessment report which includes detected open pons, services 
associated with the ports, and vulnerabilities associated with the services, as in Guirguis, 
fails to disclose a technique "wherein the scanning produces a set of XML files 
including... network protocols ... associated with a device providing the on-line service" 
(emphasis added), as specifically claimed by applicant. 

To establish a prima facie case of obviousness, three basic criteria must be met. 
First, there must be some suggestion or motivation, either in the references themselves or 
in the knowledge generally available to one of ordinary skill in the art, to modify the 
reference or to combine reference teachings. Second, there must be a reasonable 
expectation of success. Finally, the prior an reference (or references when combined) 
must teach or suggest all the claim limitations. The teaching or suggestion to make the 
claimed combination and the reasonable expectation of success must both be found in the 
prior art and not based on applicant's disclosure. In re Vaeck,941 F.2d 488, 20 USPQ2d 
1438(Fed.Cir.l99l). 

Applicant respectfully asserts that at least the third element of the prima facie 
case of obviousness has not been met, since the prior art excerpts, as relied upon by the 
Examiner, fail to teach or suggest aU of the claim limitations, as noted above. 
Nevertheless, despite such paramount deficiencies and in the spirit of expediting the 
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prosecution of the present application, applicant has incorporated, in part, the subject 
matter of Claim 34, and has at least substantially incorporated the subject matter of 
former Claim 36 into the independent claims. 

With respect to the subject matter of Claim 34 (now, in part, incorporated into the 
independent claims), the Examiner has relied on the following excerpt from the Nessus 
reference to make a prior art showing of applicant's claimed technique "wherein the 
database stores the information about generic services expected to be running on the open 
ports" (see this or similar, but not necessarily identical language in the independent 
claims). 

"Information found on port ftp (21/tcp) 

bonsai microsoft ftp service (version 4.0). 
500 'get / http/1.0 1 : command not understood" 

(Nessus Scan Report, "DETAILS") 

Applicant respectfully notes that the above excerpt relied on by the Examiner 
merely discloses information found on a particular port, including a service ("bonsai 
microsoft ftp service") running on the port and the version of the service. However, 
merely disclosing a service running on a particular port, as in the Nessus Scan Report 
reference, fails to disclose a technique "wherein the database stores the information about 
generic services expected to be running on the open ports" (emphasis added), as claimed 
by applicant. Merely disclosing a service running on a particular port, as in the Nessus 
Scan Report reference, fails to disclose a technique "wherein the database stores the 
information about generic services expected to be running on the open ports" (emphasis 
added), as specifically claimed by applicant. 

With respect to the subject matter of Claim 36 (now at least substantially 
incorporated into the independent claims), the Examiner has relied on Page 16, first 
paragraph, as well as Figures 1 and 6 (reproduced below) from the Blyth reference to 
make a prior art showing of applicant's claimed technique "wherein the scanning engine 
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parses the set of XML files and stores records of the parsed set of XML files in the 
database in association with an account number of a provider of the online service" (see 
this or similar, but not necessarily identical language in the independent claims). 



Tool 
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SQL 



Figure I; The general architecture. 



$ psxmi -p 80 -v -h 10.63.19.12 I xmldb -v -c 
/etc/xmldb. conf 

The PortScanning XML. Tool Version 1.0 (a jcblyth@glara .ac.uk) 
interesting ports on www.my-victim.com <1 0 . 63 . 19 . 1 2 ) 
Port State Service 

80 open hctp 

Connecting to database xmldb on hoot db.my-hacker.ac.uk 
inserting Information regarding po**t : 80/open/http 
figure 6: Port scanning and database, tools output. 

Applicant respectfully notes that the above excerpt relied on by the Examiner 
merely discloses that "[t]he output from the port scanning tool, or the vulnerability 
scanning tool, is used to create the XML document that is then passed to the parser, 
which uses it to create a DOM tree," and that "[t]he parser parses the XML documents 
with reference to their document type definitions (DTD) to check that the XML 
documents are valid and well formed" (Page 16, first paragraph). Additionally, the 
figures relied on by the Examiner merely disclose a parser, and additionally disclose "an 
example of the psxml and xmldb tools running in verbose mode," where "psxml is a 
simple port scanning tool" and where an "XML document is... passed to the back-end 
XML database system called xmldb" (Page 19, second paragraph, not specifically cited). 

However, merely using output from a port or vulnerability scanning tool to create 
an XML document that is parsed to check that the document is valid and well formed, in 
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addition to disclosing a port scanning tool and a back-end database system, as in Blyth, 
fails to disclose a technique "wherein the scanning engine parses the set of XML files and 
stores records of the parsed set of XML files in the database in association with an 
account number of a provider of the online service " (emphasis added), as claimed. 

Applicant respectfully emphasizes that the excerpts from Blyth relied on by the 
Examiner simply disclose parsing an XML document, and do not even mention an 
account number of a provider of the online service , let alone specifically teach that u the 
scanning engine parses the set of XML files and stores records of the parsed set of XML 
fi les in the database in association wi th an account number of a provider of the onl ine 
service " (emphasis added), as applicant claims. 

Since, at least the third element of the prima facie case of obviousness has not 
been met, especially in view of the amendments made hereinabove to the independent 
claims, a notice of allowance or a proper prior art showing of aU of applicant's claim 
limitations, in combination with the remaining claim elements, is respectfully requested. 

To this end, all of the independent claims are deemed allowable. Moreover, the 
remaining dependent claims are further deemed allowable, in view of their dependence 
on such independent claims. 

In the event a telephone conversation would expedite the prosecution of this 
application, the Examiner may reach the undersigned at (408) 505-5 100. The 
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Commissioner is authorized to charge any additional fees or credit any overpayment to 
Deposit Account No. 50- 1 35 1 (Order No. NAI 1 P647). 

Respectfully submitted, 
Zilka-Kotab, PC 

/KEV[NZILKA/ 
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